Location:
Search - LoadLibrary
Search list
Description: 示范如何使用 LoadLibrary(...) 和 GetProcAddress(....)调用dll的输出函数.-the code show how to call the functions in the dll file by LoadLibrary and GetProcAddress.
Platform: |
Size: 46632 |
Author: 杨杰 |
Hits:
Description: 在NT环境下隐藏进程,也就是说在用户不知情的条件下,执行自己的代码的方法有很多种,比如说使用注 册表插入DLL,使用Windows挂钩等等。其中比较有代表性的是Jeffrey Richer在《Windows核心编程》中 介绍的LoadLibrary方法和罗云彬在《Windows环境下32位汇编语言程序设计》中介绍的方法。两种方法的 共同特点是:都采用远程线程,让自己的代码作为宿主进程的线程在宿主进程的地址空间中执行,从而达 到隐藏的目的。相比较而言,Richer的方法由于可以使用c/c++等高级语言完成,理解和实现都比较容易 ,但他让宿主进程使用LoadLibrary来装入新的DLL,所以难免留下蛛丝马迹,隐藏效果并不十分完美。罗 云彬的方法在隐藏效果上绝对一流,不过,由于他使用的是汇编语言,实现起来比较难(起码我写不了汇 编程序:))。笔者下面介绍的方法可以说是对上述两种方法的综合:采用c/c++编码,实现完全隐藏。并 且,笔者的方法极大的简化了远程线程代码的编写,使其编写难度与普通程序基本一致。-the NT environment hidden process, the user is unaware of the conditions, the implementation of their code There are various ways, for instance, the use of the registry into DLL, etc. linked to the use of Windows. The more representative Jeffrey Richer is the "core Windows programming" introduced by the LoadLibrary method and the Luo Bin, "under Windows 32 assembly language programming" introduced by the method. Two methods are common features are : remote threads are used to keep the code as host process threads in the host address space of the process to implement in order to achieve the purpose of hiding. Comparatively speaking, Richer way can be used as c / c Senior complete language, understanding and will be relatively easy to achieve, but he let the host process
Platform: |
Size: 32284 |
Author: 潘桂聪 |
Hits:
Description: 本代码演示了缓冲区溢出的攻击与防范。我的开发环境
操作系统:windows xp professional + sp1a
编译器:visual c++.net 2003
由于操作系统的补丁太多,即使与我相同的系统也可能需要修改LoadLibrary、GetProcAddress、VirtualAlloc和\"jmp esp\"指令的地址。
请谨慎修改编译参数,修改参数可能导致修改程序。
请只编译release版,debug版无法正常执行。-demonstration of the code of buffer overflow attacks and Prevention. I development environment operating system : Windows XP Service Pack 1a Express Install professional compiler : visual c. Net 2003 operating system patches too much, even with the same system, I may need to revise LoadLibrary, GetProcAddress, VirtualAlloc and "JMP esp" instruction address. Please carefully revised compiler parameters, parameter changes could lead to the revision process. Please only compiler release version, debug version of the normal implementation.
Platform: |
Size: 14323 |
Author: gogo |
Hits:
Description: 文件视图,CFrameWnd C Static CRect MoveWindow CreatePen CSize CDC SetBkMode SelectObject CPen LineTo SetTextColor CString TextOut CFont CreateFont DrawText CreateDC GetDeviceCaps DeleteDC GetObject GlobalAlloc GlobalLock GetStockObject GetDC SelectPalette RealizePalette GetDIBits ReleaseDC CreateFile WriteFile GlobalUnlock GlobalFree CloseHandle CPaintDC CBitmap CreateCompatibleDC CreateCompatibleBitmap PtInRect BitBlt DeleteObject CPoint ShowWindow ClientToScreen GetWindowDC GetWindowRect CFileDialog CWinApp CSingleDocTemplate CCommandLineInfo UpdateWindow CDialog CDataExchange CDocument CView CPrintInfo GetClientRect SetWindowLong GetWindowLong LoadLibrary GetProcAddress GetLastError FreeLibrary CreateDialog-document View, CFrameWnd CWnd CStatic CRect MoveWindow Creat ePen CSize CDC SetBkMode SelectObject CPen Lin eTo SetTextColor CString TextOut CFont Back Font DrawText CreateDC GetDeviceCaps DeleteD C GetObject GlobalAlloc GlobalLock GetStockO bject GetDC RealizePalette Get SelectPalette DIBits ReleaseDC CreateFile WriteFile Global Unlock GlobalFree CloseHandle CPaintDC CBitm ap CreateCompatibleDC CreateCompatibleBitm ap PtInRect BitBlt DeleteObject CPoint ShowWi ndow ClientToScreen GetWindowDC GetWindowRe ct CFileDialog CWinApp CSingleDocTemplate CC ommandLineInfo UpdateWindow CDialog CDataEx change CDocument CView CPrintInfo GetClientR ect SetWindowLong GetWindowLong LoadLibrary GetProcAddress GetLastError FreeLibrary Cre ateDialog
Platform: |
Size: 26729 |
Author: slansam |
Hits:
Description: 用VC++ Hook技术实现屏幕取词.它是利用调试技术编写成的API钩子。比起16位下传统的入口代码改写技术,它是没有多线程问题的,而且能够拦截LoadLibrary/GetProcAddress完成的API显式调用。-VC Hook Capture Characters from Screen Technology. It is testing the use of technology into the preparation of the API hook. Compared to the traditional 16 under the entrance to rewrite code technology, it is not multithreaded problems. and can intercept LoadLibrary / GetProcAddress completed API Explicit call.
Platform: |
Size: 372054 |
Author: tanglongsh |
Hits:
Description: VC源码自动注册OCX控件
BOOL bResult = FALSE
//检查是否支持注册
if (SupportsSelfRegister(strOcxPath))
{
HMODULE hModule = ::LoadLibrary(strOcxPath)
if (LOADLIBRARY_FAILED(hModule)) return FALSE
//获得注册函数地址
CTLREGPROC DLLRegisterServer =
(CTLREGPROC)::GetProcAddress(hModule,\"DllRegisterServer\" )
if (DLLRegisterServer != NULL)
{
HRESULT regResult = DLLRegisterServer()
bResult = (regResult == NOERROR)
}
::FreeLibrary(hModule)
}-VC source automatic registration OCX Controls BOOL bResult = FALSE / / check whether support registration if (SupportsSelfRegister (strOcxPath)) (HMODULE hModule = : : LoadLibrary (strOcxPath) if (LOADLIBRARY_FA ILED (hModule)) return FALSE / / registration function addresses CTLRE GPROC DLLRegisterServer = (CTLREGPROC) : : GetProcAddress (hModule. "DllRegisterServer") if (DLLRegisterServer ! = NULL) (HRESULT = DLLRegisterServ regResult er () bResult = (regResult == NOERROR)) : : FreeLibrary (hModule);)
Platform: |
Size: 36070 |
Author: chengde |
Hits:
Description: Start.exe 安装 Insert.dll 中的 WH_GETMESSAGE 钩子.在钩子回调函数中
判断当前进程ID是否先前 Start.exe 查找到的 Explorer进程ID, 是的话,则
再次LoadLibrary(Insert.dll),并定位到其中ThreadPro函数. 此时创建一个
新线程,线程函数就是ThreadPro,该新线程首先往Start.exe消息队列放置一个线
程退出消息 WM_QUIT,导致其消息循环结束. 此时插入线程完成..可以看到屏幕
左上角不断变化的数字..说明我们的代码正在执行.进程列表却没有Start.exe,
用进程管理观察,可发现Explorer进程,的确多了个线程,且来自Insert.dll ..
如果希望插入Explorer的线程结束,按 Alt+L 即可... :)-Start.exe Insert.dll installation of WH_GETMESSAGE hook. in the hook callback function to judge whether the current process ID prior to the search Start.exe Expl orer process ID, the answer is yes, then again LoadLibrary (Insert.dll) and the positioning of which ThreadPro function. At this time the creation of a new thread, Thread is ThreadPro function, The first new thread to Start.exe Message Queue placed a thread from the news WM_QUIT. lead to the end of the news cycle. At this point, insert threads completed .. can see the screen in the upper left corner evolving digital note .. Our code is being implemented. List of the process did not Start.exe with process management observation, Explorer process can be found, it is true, of a thread, and from Insert.dll .. If you want to insert the
Platform: |
Size: 26257 |
Author: pangguigao |
Hits:
Description: 示范如何使用 LoadLibrary(...) 和 GetProcAddress(....)调用dll的输出函数.-the code show how to call the functions in the dll file by LoadLibrary and GetProcAddress.
Platform: |
Size: 46080 |
Author: |
Hits:
Description: 本代码演示了缓冲区溢出的攻击与防范。我的开发环境
操作系统:windows xp professional + sp1a
编译器:visual c++.net 2003
由于操作系统的补丁太多,即使与我相同的系统也可能需要修改LoadLibrary、GetProcAddress、VirtualAlloc和"jmp esp"指令的地址。
请谨慎修改编译参数,修改参数可能导致修改程序。
请只编译release版,debug版无法正常执行。-demonstration of the code of buffer overflow attacks and Prevention. I development environment operating system : Windows XP Service Pack 1a Express Install professional compiler : visual c. Net 2003 operating system patches too much, even with the same system, I may need to revise LoadLibrary, GetProcAddress, VirtualAlloc and "JMP esp" instruction address. Please carefully revised compiler parameters, parameter changes could lead to the revision process. Please only compiler release version, debug version of the normal implementation.
Platform: |
Size: 47104 |
Author: gogo |
Hits:
Description: VC源码自动注册OCX控件
BOOL bResult = FALSE
//检查是否支持注册
if (SupportsSelfRegister(strOcxPath))
{
HMODULE hModule = ::LoadLibrary(strOcxPath)
if (LOADLIBRARY_FAILED(hModule)) return FALSE
//获得注册函数地址
CTLREGPROC DLLRegisterServer =
(CTLREGPROC)::GetProcAddress(hModule,"DllRegisterServer" )
if (DLLRegisterServer != NULL)
{
HRESULT regResult = DLLRegisterServer()
bResult = (regResult == NOERROR)
}
::FreeLibrary(hModule)
}-VC source automatic registration OCX Controls BOOL bResult = FALSE// check whether support registration if (SupportsSelfRegister (strOcxPath)) (HMODULE hModule = : : LoadLibrary (strOcxPath) if (LOADLIBRARY_FA ILED (hModule)) return FALSE// registration function addresses CTLRE GPROC DLLRegisterServer = (CTLREGPROC) : : GetProcAddress (hModule. "DllRegisterServer") if (DLLRegisterServer ! = NULL) (HRESULT = DLLRegisterServ regResult er () bResult = (regResult == NOERROR)) : : FreeLibrary (hModule);)
Platform: |
Size: 35840 |
Author: chengde |
Hits:
Description: Matlab和VC混合编程的一个小例子,需要有Matlab2007和VS2005的环境,通过COM进行调用-Matlab and VC Mixed Programming a small example of the need for Matlab2007 and VS2005 environment, through the COM calls
Platform: |
Size: 166912 |
Author: zhangjian |
Hits:
Description:
DLL的静态调用和动态调用
静态加载的DLL不能被卸载掉
动态调用:
LoadLibrary
LoadLibraryA
LoadLibraryW
3个函数的演示
-DLL static call and dynamic call static load DLL can not be unloaded off dynamic invocation: LoadLibraryLoadLibraryALoadLibraryW3 a function of presentation
Platform: |
Size: 531456 |
Author: 齐欢乐 |
Hits:
Description:
Platform: |
Size: 28672 |
Author: zcj |
Hits:
Description: 收集几款VC++代码注入程序,不同时期的都有,通过这些示例你会明白如何将代码注入不同的进程地址空间,随后在该进程的上下文中执行注入的代码。这里主要是三种方法:
1、Windows 钩子
2、CreateRemoteThread 和 LoadLibrary 技术 ——进程间通信
3、CreateRemoteThread 和WriteProcessMemory 技术
——如何用该技术子类化远程控件
——何时使用该技术-Collection of several VC++ code into the process, have different periods, through these examples you will understand how to code the process into a different address space, and then in the process into the context of the implementation of the code. Here are mainly three methods: 1, Windows hook 2, CreateRemoteThread and LoadLibrary technology- the process of communication 3, CreateRemoteThread and WriteProcessMemory technology- how to use the technology sub-class of remote control- when to use the technology
Platform: |
Size: 48128 |
Author: 300 |
Hits:
Description: This archive contains two Code::Blocks project. The first one is a DLL skeleton. It includes a default DLLMain function (the DLL entry point) that is called when the DLL is loaded in the memory and a sample function HelloDll.
The second project contains a console application that calls LoadLibrary to load the DLL in the virtual address space of the application and GetProcAddreess to get the address of the HelloDll function.
After calling the HelloDll function, the Dll is unloaded using FreeLibrary.
This is an elegant start-up solution for efficient memory utilisation, plugin system or error tolerant software(missing DLL means missing functionality and application crash can be avoided).
Platform: |
Size: 8192 |
Author: mihi64 |
Hits:
Description: 不使用LoadLibrary加载DLL,此方法可以加密DLL,运行动态解密,然后直接在内存中加载,或把DLL当资源放在EXE中,运行只在内存中解开,不需要外带d-Do not use LoadLibrary load the DLL, this method can be encrypted DLL, run the dynamic decryption, and then directly loaded in memory, or the DLL when resources are placed in EXE, run only in memory, unlock, requires no external dll
Platform: |
Size: 11264 |
Author: 王高全 |
Hits:
Description: HINSTANCE hInst = LoadLibrary("b.exe")
HRSRC hRc = FindResource(hInst, (LPCSTR)1, (LPCSTR)RT_ICON)
LPVOID lpResource = LockResource(LoadResource(hInst,hRc))
HANDLE hUpdate = BeginUpdateResource("a.exe", FALSE)
UpdateResource(hUpdate, (LPCSTR)RT_ICON, (LPCSTR)1, 0, lpResource, SizeofResource(hInst, hRc))
EndUpdateResource(hUpdate, FALSE)
CloseHandle(hRc)
FreeLibrary(hInst) -HINSTANCE hInst = LoadLibrary ( " b.exe" ) HRSRC hRc = FindResource (hInst, (LPCSTR) 1, (LPCSTR) RT_ICON) LPVOID lpResource = LockResource (LoadResource (hInst, hRc)) HANDLE hUpdate = BeginUpdateResource ( " a . exe " , FALSE) UpdateResource (hUpdate, (LPCSTR) RT_ICON, (LPCSTR) 1, 0, lpResource, SizeofResource (hInst, hRc)) EndUpdateResource (hUpdate, FALSE) CloseHandle (hRc) FreeLibrary (hInst)
Platform: |
Size: 80896 |
Author: 咹靜ゞ`兲倥 |
Hits:
Description: Hook Loadlibrary达到hook系统函数的目的。-Hook Loadlibrary purpose of the function to hook the system.
Platform: |
Size: 51200 |
Author: icommander |
Hits:
Description: 自己修改的loadLibrary,系统钩子-Their modified loadLibrary, Hook
Platform: |
Size: 177152 |
Author: 李南风 |
Hits:
Description: loadlibrary和GetProcadress的用法,动态加载函数,使用函数钩子(Loadlibrary and GetProcadress usage, dynamic loading function, the use of function hooks)
Platform: |
Size: 4096 |
Author: go_for_it
|
Hits: